Uly.me

cloud engineer

Archives for January 2021

Install OpenJDK 8

January 31, 2021 by Ulysses

Here are the installation instructions for OpenJDK 8.

For Fedora, Red Hat and Oracle Linux.

yum install java-1.8.0-openjdk

For Debian and Ubuntu.

apt-get install openjdk-8-jre

To check that the packages are installed, look for their symbolic links in /etc/alternatives/ (at least on Red Hat 7).

ls -l /etc/alternatives/

Filed Under: Misc Tagged With: 1.8.0, centos, java, jdk, jre, redhat, ubuntu

Restart RPC GSSD Service

January 31, 2021 by Ulysses

If a Linux user is having an access problem with an NFS share, particularly one involving key expiration, check that the RPC GSSD service is up and running. NFS clients use the RPCSEC_GSS protocol to establish security credentials with an NFS server using Kerberos authentication.

Here’s an example of a key-expired error caused by an NFS client that is not properly authenticated.

df -h
df: '/data/dir1': Key has expired
df: '/data/dir2': Key has expired
df: '/data/dir3': Key has expired

Check if RPC GSSD service is healthy. Restart the service if there are credential errors.

service rpc-gssd status

Here’s one with an authentication issue.

[root@server ~]# service rpc-gssd status
Redirecting to /bin/systemctl status rpc-gssd.service
● rpc-gssd.service - RPC security service for NFS client and server
   Loaded: loaded (/usr/lib/systemd/system/rpc-gssd.service; static; vendor preset: disabled)
   Active: active (running) since Sun 2021-01-31 03:16:43 CST; 2h 14min ago
 Main PID: 710 (rpc.gssd)
   Memory: 1.6M
   CGroup: /system.slice/rpc-gssd.service
           └─710 /usr/sbin/rpc.gssd
 
Jan 31 03:17:10 server.domain.com rpc.gssd[710]: ERROR: gssd_refresh_krb5_machine_credential: no usable keytab entry found
Jan 31 03:17:10 server.domain.com rpc.gssd[710]: ERROR: No credentials found for connection to server nas.domain.com
Jan 31 03:17:10 server.domain.com rpc.gssd[710]: ERROR: gssd_refresh_krb5_machine_credential: no usable keytab entry found
Jan 31 03:17:10 server.domain.com rpc.gssd[710]: ERROR: No credentials found for connection to server nas.domain.com

Restart the service.

service rpc-gssd stop
service rpc-gssd start

Here’s a service that’s healthy.

[root@server ~]# service rpc-gssd status
Redirecting to /bin/systemctl status rpc-gssd.service
● rpc-gssd.service - RPC security service for NFS client and server
   Loaded: loaded (/usr/lib/systemd/system/rpc-gssd.service; static; vendor preset: disabled)
   Active: active (running) since Sun 2021-01-31 05:33:54 CST; 28min ago
  Process: 9809 ExecStart=/usr/sbin/rpc.gssd $GSSDARGS (code=exited, status=0/SUCCESS)
 Main PID: 9810 (rpc.gssd)
   Memory: 804.0K
   CGroup: /system.slice/rpc-gssd.service
           └─9810 /usr/sbin/rpc.gssd
 
Jan 31 05:33:54 server.domain.com systemd[1]: Starting RPC security service for NFS client and server...
Jan 31 05:33:54 server.domain.com systemd[1]: Started RPC security service for NFS client and server.
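
The check above can be scripted. This is an added example, not part of the original post: it reads rpc.gssd journal lines and reports which NFS servers the client could not obtain credentials for. The function name gssd_summary and the two sample logs (constructed from the status outputs shown above) are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: summarise rpc.gssd credential errors.

# Constructed sample input, modelled on the two status outputs shown above.
failing_log='Jan 31 03:17:10 server.domain.com rpc.gssd[710]: ERROR: gssd_refresh_krb5_machine_credential: no usable keytab entry found
Jan 31 03:17:10 server.domain.com rpc.gssd[710]: ERROR: No credentials found for connection to server nas.domain.com
Jan 31 03:17:10 server.domain.com rpc.gssd[710]: ERROR: gssd_refresh_krb5_machine_credential: no usable keytab entry found
Jan 31 03:17:10 server.domain.com rpc.gssd[710]: ERROR: No credentials found for connection to server nas.domain.com'
healthy_log='Jan 31 05:33:54 server.domain.com systemd[1]: Starting RPC security service for NFS client and server...
Jan 31 05:33:54 server.domain.com systemd[1]: Started RPC security service for NFS client and server.'

# Reads syslog-style journal lines on stdin (hypothetical helper).
# Prints "server=<name> failures=<n>" per NFS server, then "keytab_errors=<n>".
# Exit status is 1 when rpc.gssd logged any credential error, 0 otherwise.
gssd_summary() {
  awk '
    $5 !~ /^rpc\.gssd\[[0-9]+\]:$/ { next }    # ignore lines not written by rpc.gssd
    /ERROR: No credentials found for connection to server/ { srv[$NF]++; errs++ }
    /ERROR: .*no usable keytab entry found/                 { keytab++; errs++ }
    END {
      for (s in srv) printf "server=%s failures=%d\n", s, srv[s]
      printf "keytab_errors=%d\n", keytab
      exit (errs > 0)
    }'
}

# On a live client, feed it the unit's journal instead of the samples:
#   journalctl -u rpc-gssd --no-pager | gssd_summary
printf '%s\n' "$failing_log" | gssd_summary || echo "credential errors logged"
printf '%s\n' "$healthy_log" | gssd_summary && echo "no credential errors"
```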

Filed Under: Linux Tagged With: client, gssd, kerberos, nfs, rpc

AWS EC2 List Firewall Rules

January 26, 2021 by Ulysses

AWS EC2 firewall rules are defined within security groups. Security groups are attached to an instance. An instance can have up to 5 security groups. This script gathers all the security groups associated with an instance, loops through them, and writes the ingress and egress rules of each security group to a text file.

#!/bin/bash
# set variables
instanceid='i-xxxxxxxxxxxxxxxx'
region='us-east-1'
profile='sample'
# log and temp files
output="ec2-sg.log"
tmpfil="ec2-sg.tmp"
# empty log at start
: > "$output"
# get sg ids, one per line
aws ec2 describe-instances \
  --instance-ids "$instanceid" \
  --region "$region" \
  --profile "$profile" \
  --query 'Reservations[*].Instances[*].SecurityGroups[*].[GroupId]' --output text > "$tmpfil"
# the |[0] in the queries below keeps only the first CidrIp of each rule;
# a rule with no IPv4 range (security group, prefix list or IPv6 source) prints None
while read -r id; do
  echo '============================================' >> "$output"
  echo "$id" >> "$output"
  echo '============================================' >> "$output"
  echo '---------------- INGRESS -------------------' >> "$output"
  aws ec2 describe-security-groups \
    --group-ids "$id" \
    --profile "$profile" \
    --region "$region" \
    --output text \
    --query 'SecurityGroups[].IpPermissions[].[FromPort,ToPort,IpProtocol,IpRanges[].CidrIp[]|[0]]' >> "$output"
  echo '---------------- EGRESS --------------------' >> "$output"
  aws ec2 describe-security-groups \
    --group-ids "$id" \
    --profile "$profile" \
    --region "$region" \
    --output text \
    --query 'SecurityGroups[].IpPermissionsEgress[].[FromPort,ToPort,IpProtocol,IpRanges[].CidrIp[]|[0]]' >> "$output"
done < "$tmpfil"

Here’s a sample output.

============================================
sg-xxxxxxxxxxxxxxx
============================================
---------------- INGRESS -------------------
5985    5985    tcp     10.0.0.220/32
10005   10005   tcp     10.0.0.164/32
---------------- EGRESS --------------------
80      80      tcp     10.0.0.14/32
40000   65535   udp     10.0.0.0/8
3389    3389    tcp     10.0.0.96/32
9389    9389    tcp     10.0.0.0/8
5985    5986    tcp     10.0.0.96/32
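
Once the report exists it can be reviewed automatically. This is an added example, not part of the original post: it walks a report in the layout shown above and flags ingress rules whose source is 0.0.0.0/0, plus ingress rules whose source the report does not show. The function name audit_sg_report and the sample report (constructed, with made-up IDs) are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: review a report in the ec2-sg.log layout.

# Constructed sample report; group IDs and addresses are made up.
sample_report='============================================
sg-0aaaaaaaaaaaaaaa1
============================================
---------------- INGRESS -------------------
5985    5985    tcp     10.0.0.220/32
22      22      tcp     0.0.0.0/0
---------------- EGRESS --------------------
None    None    -1      0.0.0.0/0
============================================
sg-0bbbbbbbbbbbbbbb2
============================================
---------------- INGRESS -------------------
443     443     tcp     None
---------------- EGRESS --------------------
80      80      tcp     10.0.0.14/32'

# Reads the report on stdin (hypothetical helper).
# OPEN           = ingress rule whose listed CIDR is 0.0.0.0/0
# UNKNOWN-SOURCE = ingress rule with no IPv4 CIDR in the report (the CLI prints None)
# Exit status is 1 when at least one OPEN rule was found.
audit_sg_report() {
  awk '
    /^=+$/            { next }
    /^sg-/            { sg = $1; dir = ""; next }
    /^-+ INGRESS -+$/ { dir = "ingress"; next }
    /^-+ EGRESS -+$/  { dir = "egress";  next }
    dir != "ingress" || NF != 4 { next }     # only ingress rule rows from here on
    $4 == "0.0.0.0/0" { print "OPEN", sg, $3, $1 "-" $2; hits++ }
    $4 == "None"      { print "UNKNOWN-SOURCE", sg, $3, $1 "-" $2 }
    END { exit (hits > 0) }'
}

# Real use: audit_sg_report < ec2-sg.log
printf '%s\n' "$sample_report" | audit_sg_report || echo "review the flagged rules"
```

Because the script's query keeps only the first CidrIp of each rule, a rule that lists 0.0.0.0/0 as its second or later range will not appear as OPEN in this report.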

Filed Under: Cloud Tagged With: aws, cli, ec2, firewall, output, security groups, text

Adding Domains in Certbot

January 25, 2021 by Ulysses

You can register multiple domains to a single SSL certificate. This is particularly useful if you are hosting multiple domains on one server. This command adds more domains to your existing certificate.

certbot --expand -d existing.com -d newdomain1.com -d newdomain2.com

Check if the domains were added.

certbot certificates

Certbot certificates are valid for 90 days, but they are renewed automatically once expiration is less than 30 days away. If you need to renew manually for some reason, you can run this command. You can also perform a dry run before renewing.

certbot renew
certbot renew --dry-run

Filed Under: Linux Tagged With: add, certbot, certificate, domains

Using Or on Regular Expressions

January 21, 2021 by Ulysses

Here’s a regex using the pipe symbol as OR to allow only 6 possible values.

regex="efs-(00|04|08|12|16|20)00"

Matches:

efs-0000
efs-0400
efs-0800
efs-1200
efs-1600
efs-2000

No matches:

efs-0100
efs-2200
efs-0600
efs-1400
efs-1800
efs-1110
111022
asdb023
2330asd
1200-efs
1205
abc

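$var is tested against $regex with the =~ operator, which treats the right-hand side as an extended regular expression (!= would compare it as a literal pattern and never match). The ^ and $ anchors require the whole value to match. $var is any of the values above.

if [[ ! $var =~ ^${regex}$ ]]; then
  echo "Not a match"
else
  echo "It's a match"
fi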
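
When the regex is used as an allow-list, anchoring decides whether "only 6 possible values" really holds. This is an added example, not part of the original post: it compares an unanchored and an anchored test over the values listed above plus constructed inputs that merely contain a valid name. The function names and the embedded test values are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: anchored vs unanchored allow-list check.
regex='efs-(00|04|08|12|16|20)00'

# Unanchored: succeeds if the pattern occurs anywhere inside the value.
matches_anywhere() { [[ $1 =~ $regex ]]; }

# Anchored: the whole value must be exactly one of the six names.
is_allowed() { [[ $1 =~ ^${regex}$ ]]; }

# Values from the lists above.
good=(efs-0000 efs-0400 efs-0800 efs-1200 efs-1600 efs-2000)
bad=(efs-0100 efs-2200 efs-1110 1200-efs abc)
# Constructed values that contain a valid name but are not one.
embedded=('efs-0400.bak' 'xefs-12000' 'efs-0000 --force' $'efs-2000\nextra')

# Print how each value fares under both tests.
report() {
  local v
  for v in "$@"; do
    printf '%q anywhere=%s allowed=%s\n' "$v" \
      "$(matches_anywhere "$v" && echo yes || echo no)" \
      "$(is_allowed "$v" && echo yes || echo no)"
  done
}

report "${good[@]}" "${bad[@]}" "${embedded[@]}"
```

Every entry in embedded passes the unanchored test and fails the anchored one, including the value with a trailing newline and extra text.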

Filed Under: Linux Tagged With: or, regex, regular expressions

AWS LightSail Create Terraform

January 18, 2021 by Ulysses

Here’s how to launch a LightSail instance using Terraform. Create a main.tf file.

terraform {
  required_providers {
    aws = {
      version = ">= 3.22.0"
      source = "hashicorp/aws"
    }
  }
}
provider "aws" {
  profile = "default"
  region  = "us-east-1"
}
resource "aws_lightsail_instance" "yourinstance" {
  name              = "yourinstance"
  availability_zone = "us-east-1a"
  blueprint_id      = "amazon_linux_2"
  bundle_id         = "nano_2_0"
}

To launch, run the following Terraform commands.

terraform init
terraform apply

Filed Under: Cloud Tagged With: aws, create, instance, lightsail, terraform

Install Docker on Ubuntu 20.04 LTS

January 18, 2021 by Ulysses

Here’s a script to install Docker on Ubuntu 20.04 LTS.

#!/bin/bash
sudo apt-get update
# install dependencies
sudo apt-get -y install apt-transport-https ca-certificates curl software-properties-common
# add Docker's GPG key (apt-key trusts it for every repository and is deprecated on newer releases)
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
# add the Docker repository for this release's Ubuntu codename
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(. /etc/os-release; echo "$UBUNTU_CODENAME") stable"
sudo apt-get update
# install docker and docker-compose
sudo apt-get -y install docker-ce docker-compose
# add the current user to the docker group so docker runs without sudo
# (members of this group have root-equivalent access to the host)
sudo usermod -aG docker "$USER"
# print the docker version
docker --version

Filed Under: Cloud Tagged With: docker, install, ubuntu 20.04 lts

AWS EFS Create Terraform

January 18, 2021 by Ulysses

Here’s how to build an EFS file system using Terraform. Create a main.tf file.

terraform {
  required_providers {
    aws = {
      version = ">= 3.22.0"
      source = "hashicorp/aws"
    }
  }
}
provider "aws" {
  profile = "default"
  region  = "us-east-1"
}
resource "aws_efs_file_system" "efs-test" {
  creation_token   = "efs-test"
  performance_mode = "generalPurpose"
  throughput_mode  = "bursting"
  encrypted        = true
  tags = {
    Name = "efs-test"
  }
}
resource "aws_efs_mount_target" "efs-mt-example" {
  file_system_id  = aws_efs_file_system.efs-test.id
  subnet_id       = "subnet-xxxxxxxxxxxxxxxxx"
  security_groups = ["sg-xxxxxxxxxxxxxxxxxx"]
}

To launch, run terraform.

terraform init
terraform apply

Filed Under: Cloud Tagged With: apply, aws, create, efs, init, terraform


Copyright © 2022